We, i.e. Lumbers Ltd, are responsible under the data protection law pursuant to art. 4 no. 7 GDPR for the collection, processing and use of your personal data and lawful data processing. We thank you for your interest in our products and services, whether accessed through the internet or in-store. Your privacy is very important to us and we wish to assure you that the utmost care is taken regarding the personal information which you provide.
This policy will set out the reasons and the methods used to collect your data along with how we handle the information. Our contact details can be found at the end of this policy, along with details of how to access and update your personal information. You will also find details on how to make a complaint.
This policy was updated on 10th May 2018 in response to the General Data Protection Regulation (GDPR). From the 25th May 2018 we are required by law to ask for your permission to contact you. You may withdraw your consent for us to contact you, or to use your information in connection with any of the processes detailed in this policy at any time. The only exception to this is where there is an overriding legal imperative.
Lumbers is incredibly proud to be part of Leicester’s heritage. Lumbers is a family run retail jeweller, which has traded in Leicester since its establishment in 1881. As the “controller” of your personal information we are responsible for its security and for deciding how and why it is processed.
Where the text in this policy refers to “our”, “us” or “we”, it is referring to Lumbers LTD.
When you visit our website, our servers temporarily store every access in a log file.
The following data is stored by us:
The collection and processing of this data is generally anonymised without personal reference for the purpose of enabling the use of the website (connection establishment), ensuring long-term system security and stability and optimising the Internet offer as well as for internal statistical purposes.
Only in the event of an attack on the network infrastructure of www.lumbers.co.uk or in case of a suspicion of another unauthorised or improper use of the website, the IP address shall be evaluated for clarification and defence and, if necessary, used within the scope of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.
The afore-described purposes also correspond to our legitimate interest in the data processing within the remit of art. 6 para. 1 lit. f EU-GDPR.
The data is deleted once it is no longer necessary for achieving the purpose of its collection. If the data is collected for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, it is deleted within 7 days of your visit to the website. Further storage is possible. In this case, the IP addresses of the users are deleted or obfuscated so that an individual cannot be identified.
In order to receive the newsletter, it is essential that you enter the following personal data truthfully (*mandatory):
After entering the aforementioned information, you can sign up for our newsletter. With the registration for the newsletter, you give us your consent to process the entered data for the regular dispatch of the newsletter to the address specified by you. This consent shall represent our legal basis for the processing of your data within the remit of art. 6 para. 1 lit. a EU-GDPR. We use your data for sending newsletters until you revoke your consent. You can revoke your consent at any time. In addition, you will find an unsubscribe link in all newsletter e-mails. Alternatively, the objection can take place by using the options and addresses mentioned in section “Contact”.
Please feel free to contact us by telephone, if you have any questions, or require advice regarding products and services shown on our website.
You are responsible for the messages or the content, which you transmit to us over the telephone. We recommend not transmitting any sensitive information. We only collect the personal data, which has been disclosed voluntarily by yourself. It is therefore within your control as to what information you provide. In order to be able to answer your questions fully and accurately, we may ask you to provide us with additional information such as your address, your e-mail address, etc. We only collect such personal information, as is necessary to answer your questions, or to provide the services requested by you.
As the direct controller, or in the case of an authorised third party, we have legitimate interests with regard to the processing of your data, within the remit of art. 6 para. 1 lit. f EU-GDPR. You have the right to object to the data processing at any time, or if you feel that the actions being taken contravene your rights under the law. (See also Contract)
When using our website, you have the option of registering a user account. During the registration, we collect the following data (*mandatory):
We need this information to provide you an overview of your orders and the contracts made with you in this context. The legal basis of the processing of your personal data lies in the pre-contractual measures and the implementation of a contract within the remit of art. 6 para. 1 lit. b EU-GDPR as well as our legitimate interest to provide our customers with a useful online account within the remit of art. 6 para. 1 lit. f EU-GDPR.
You can object to such data processing at any time. In such a case, you can no longer use your customer account. The objection takes place using the options and addresses mentioned in the section “Contact”. You also have the ability to delete your account.
On our website, you have the option of placing an order as a guest. For ordering as a guest, we collect the following data (mandatory*):
We need this information in order to process your order and to deliver the desired products to you. The legal basis of the processing of your personal data lies in the pre-contractual measures and the implementation of a contract within the meaning of art. 6 para. 1 lit. b EU-GDPR.
When you place an order on our website, your payment details are collected and processed via a third party, as we do not collect and store the payment data. It is collected directly by the service provider. In addition to the specified payment data, the payment service provider only has knowledge of the order number and the invoice amount. It cannot link this data to your personal information.
Your details are required to process your order or to carry out the payment process. The legal basis for the processing of your personal data lies in the implementation of a contract within the remit of art. 6 para. 1 lit. b EU-GDPR.
The data specified in the afore-mentioned provisions is stored in a central electronic data processing system. Your data is thereby systematically recorded, linked and evaluated in order to process your enquiries and to process our services.
Your personal data is stored electronically in our onsite computer server and on an encrypted back up hard drive, which is stored in our onsite fireproof high security vault.
Repairs receipt packets, showing names, addresses and contact details, are kept onsite in locked secure rooms during processing and then in the safes with the product, until collected.
Completed handwritten receipts and completed repairs packets, are stored in our onsite locked high security accounts room until destroyed.
Copies of the interest free credit agreements are attached to the credit company’s invoice and stored in our onsite locked high security accounts office when made in-store.
We forward your data only if you have explicitly consented to the same, we are obligated to do so by law, if this is necessary for the assertion of our rights or we need to do this to run our business. Moreover, we forward personal data of users to third parties if this is necessary within the scope of the use of the website as well as the answering of questions, processing of enquiries or for any provision of services requested by the user. The use of such forwarded data by the third parties is strictly limited to the specified purposes.
See section 13 for the address details.
With your subscription to the newsletter, if you have expressly agreed that we can, we will use your address and personal data for marketing campaigns such as the delivery of the Lumbers newsletter and/or the dispatch of catalogues. You can unsubscribe from all marketing campaigns at any time.
For sending our newsletter, we use the e-mail marketing services of MailChimp whereby the newsletter data can be forwarded to MailChimp for this purpose. The newsletter data is stored on the hosting server of the website as well as on MailChimp’s server.
Our newsletter can contain a so-called web beacon (tracking pixel) or similar technical tools. A web beacon is a 1x1 pixel, invisible graphic that is associated with the user ID of the respective newsletter subscriber.
For each newsletter sent, there is information about the address file used, the subject and the number of newsletters sent. In addition, we can see which addresses have not yet received the newsletter, either because the newsletter was not accurately dispatched or because it was not received due to a failure at the receiving end. The opening rate including the information as to which addresses have opened the newsletter and which addresses have unsubscribed from the newsletter mailing list, can also be explained. We use this data for statistical purposes and to optimise the newsletter in terms of content and structure. This enables us to better tailor the information and offers in our newsletter to the individual interests of the recipients. The tracking pixel is deleted if you delete the newsletter.
To prevent the use of the web beacon in our newsletter, please set your mail program such that no HTML is displayed in messages, if this is not already the case by default. On the following pages, you shall find explanations as to how you can make this setting for the most common e-mail programmes:
This data processing is based on art. 6 para. 1 lit. f EU-GDPR. This general permission allows the processing of personal data within the scope of our legitimate interest. The legitimate interest lies in sending marketing to promote our business, ensuring our direct marketing messages are received, and the analysis of the use of the newsletters. You can object to such data processing at any time (refer to section Contact).
You can object to the previously listed data processing in different ways:
On our website, we use “Facebook Pixel” from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are a resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook can designate visitors to our website as a target group for displaying advertisements (so-called “Facebook Ads”) using Facebook-Pixel. Accordingly, we use Facebook-Pixel to display Facebook ads that are placed by us only to those Facebook users, who have also shown interest in our website or have shown specific characteristics (e.g. interests in specific topics or products that are determined based upon the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of Facebook-Pixel, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and are not harassing. Using Facebook-Pixel, we can also understand the effectiveness of Facebook Ads for statistical and market research purposes, in which we see which users were forwarded to our website after clicking on a Facebook ad (so-called “Conversion”).
Facebook-Pixel is directly integrated by Facebook when accessing our website and can save a so-called cookie on your device. If you subsequently log in to Facebook or visit Facebook while being logged in, the visit to our website shall be noted in your profile. The data collected about you is anonymous for us, so it does not provide us with any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible. The data can therefore be used by Facebook for its own market research and advertising purposes. Furthermore, when using Facebook-Pixel, we use the additional function “expanded comparison”, in which data on the creation of target groups (“Custom Audiences” or “Look Alike Audiences”) is transmitted to Facebook in an encrypted form.
The legal basis for the aforementioned data processing lies in our legitimate interest in the analysis, optimisation and economic operation of our online offer (art. 6 para. 1 lit. f GDPR).
In many respects, cookies help to make visiting our website easier, more pleasant and more useful. Cookies are information files stored automatically by your web browser on the hard disk of your computer when you visit our website.
Most Internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or that a notice always appears when you receive a new cookie. An objection to the setting of cookies and the collection of personal data can also be implemented in this way.
The following pages explain how to configure the processing of cookies for the most common browsers:
Deactivating cookies may however result in you not being able to use all functionality on our website.
The website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics uses methods that allow an analysis of the use of the website, such as “Cookies” (refer above to section 5 Cookies). The following information generated by the cookie about your use of this website
is transmitted to and stored on Google servers, a company of the holding company Alphabet Inc., in the USA. The IP address is shortened by the activation of IP anonymisation (“anonymizeIP”) on this website, before transmission within the Member States of the European Union or other states that are party to the Agreement on the European Economic Area, as well as in Switzerland. Google does not merge the anonymised IP address transmitted by your browser within the scope of Google Analytics with other data. Only in exceptional cases, the full IP address is transferred to a Google server in the USA and shortened there.
The information is used in order to evaluate the use of the website, to compile reports on the activities on the website and to provide other services related to the use of the website and the Internet for the purposes of market research and tailor-made website design. According to Google, no connection is ever made between the IP address and other data relating to the user.
Users can prevent the collection of the data (including the IP address) generated by the cookie and related to the website use by the respective user by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link:
As an alternative to the browser plug-in, users can click on this link to prevent the collection by Google Analytics on this website in the future. An opt-out cookie is stored on the user’s end device. If the user deletes cookies, the link must be clicked again.
Links to our own social media presences
On our website, we have incorporated links to our social media profiles on the following social networks:
Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA
Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA
LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
If you click on the relevant social network icons, you will be automatically redirected to our profile on the relevant network. In order to use the functions of the relevant network there, you must partially log in to your user account with the relevant network.
When you open a link to one of our social media profiles, a direct connection between your browser and the server of the relevant social network is established. This gives the network the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while being logged in to your account on the relevant network, the contents of our page may be linked with your profile in the network, which means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. An assignment takes place in any case, if you log into the relevant network after clicking on the link.
You can object at any time to data processing, particularly to data processing in connection with direct advertisement (e.g. against advertising e-mails). You have the following rights:
Right to information: You have the right to demand an insight into your personal data saved with us any time and free of charge if we are processing this data. You can check as to which of your personal data is being processed by us, and that we are using it according to the applicable data protection regulations.
Right to correction: You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we shall inform the recipients of the data concerned about the corrections made unless this is impossible or associated with disproportionate effort.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In the individual case, the right to deletion may be excluded.
Right to restriction of the processing: Under certain conditions, you have the right to demand restriction of the processing of your personal data.
Right to data transfer: Under certain circumstances, you have the right to receive the personal data that was provided to us by you, free of charge and in a readable format.
Right of appeal: You have the right to appeal to a competent supervisory authority against the method of the processing of your personal data.
Right of revocation: You have the right to revoke an issued consent at any time. Processing activities in the past based on your consent shall however not become illegal through your revocation.
We employ suitable technical and organisational security measures to protect your stored data from manipulation, partial or total loss and unauthorised access by third parties. Our security measures are continuously updated in line with technological developments.
We also take the protection of our own internal company data very seriously. Our staff and the service providers engaged by us are obligated to maintain confidentiality and to comply with the data protection regulations. Moreover, these are granted access to personal data only as far as is necessary.
We only store personal data as long as necessary,
in order to use the listed tracking services within the framework of our legitimate interest;
in order to perform the above cited scope of services that you have requested or to which you have given your consent
We retain contract data for longer as this is prescribed by statutory retention requirements. Retention requirements that obligate us to retain data derive from provisions of accounting and tax regulations. According to these provisions, business communication, concluded contracts and booking documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data shall be blocked. This means that the data may then only be used for fulfilling our retention requirements.
If you have any questions on data protection on our website, would like more information or would like to arrange for your data to be deleted, please contact us by sending an e-mail to firstname.lastname@example.org.
By post, please send your requests to the address below:
62-66 High Street
Irrespective of another judicial remedy or remedy under the administrative law, you have the right of appeal to a supervisory authority, in particular in the Member State of your place of residence, place of work or the place of the suspected infringement if you believe that the processing of your personal data infringes the EU-GDPR. The supervisory authority, to which the appeal was made, shall inform the appellant about the status and the results of the appeal including the possibility of a judicial remedy pursuant to art. 78 EU-GDPR.
62-66 High Street, Leicester, LE1 5YP.
ADM Computing Ltd.
Booths Park 3, L1C Booths Hall, Chelford Rd, Knutsford, WA16 8QZ.
P.O. Box 38, Tenby, SA69 9ZA.
Absolute Design Associates Ltd.
Haddon House, Millicent Road, West Bridgford, Nottingham, NG2 7PZ.
Champions (UK) PLC.
Barrington House, Leake Road, Costock, Loughborough, LE12 6XA.
V12 Retail Finance.
20 Neptune Court, Vanguard Way, Cardiff, CF24 5PJ.
The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.